Revision history [back]
 | 1 | initial version |
This question has a lot to do with CentOS default and CentOS administration rather than with the cloud itself.
By default, CentOS has its own firewall (its own iptables configurations) which is more restrictive than the values you set in the security rules configurations. This means that CentOS will reject access to port 5050 even though you activate it in the rules of your security groups.
This is so because it is CentOS philosophy and it is respected in Fiware's Cloud.
What to do? One of these things: a). You could disable your CentOS firewall and relay on your Security Groups' rules:
service iptables stop
chkconfig iptables off ### To keep configurations upon reboots.
b). You could enable the rule in your iptables. This is the way IP tables is configured by default:
# iptables -S -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited
These rules are processed sequentially, so you can't append a rule (iptables -A) because the rule will appended and proccessed after it the REJECT. The way is inserting the rule:
iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 5050 -j ACCEPT
This way, the rule will be inserted just before:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
And the rule will be processed before any reject and the port will be accesible. However, we need to update the iptables rules to be persistent upon reboots:
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.old
iptables-save > /etc/sysconfig/iptables
